NSX Advanced Load Balancer supports DNS queries over both UDP and TCP protocols. DNS-over-TCP implementation requirements are described in RFC 7766.

One DNS Query per TCP Connection

NSX Advanced Load Balancer processes only one DNS query per TCP connection. It does not support DNS query pipelining as described in RFC 7766. If a client sends multiple DNS queries over the same TCP connection, NSX Advanced Load Balancer generates a response only for the first query and ignores the remaining ones. If the queries were meant to be passed through to upstream DNS servers, only the first query on the TCP connection is forwarded to the upstream server; the remaining queries are ignored and never forwarded.

NSX Advanced Load Balancer-Initiated TCP Connection Close

When NSX Advanced Load Balancer has responded to the DNS query on a TCP connection, it sends a FIN to the client to close the connection. This releases the connection's memory immediately instead of holding the connection open while the client waits, possibly until it times out, for responses to any further queries it may have sent on that connection (which, as described above, are never answered).
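The two behaviours above (one query per TCP connection, and a FIN from the server once the first response has been sent) can be checked from a client with a short probe. The following is an added example, not code from NSX Advanced Load Balancer or its documentation: the client half pipelines several length-prefixed DNS queries on one TCP connection, as RFC 7766 describes, and reports how many responses arrive and how the connection ends; the server half is a constructed stand-in that mimics the behaviour described on this page so that the script runs offline. The function and variable names and the loopback server are assumptions for illustration only.

```python
"""
Probe for DNS-over-TCP query pipelining.

Added example, not code from NSX Advanced Load Balancer or its documentation.
The client half sends several length-prefixed DNS queries back-to-back on one
TCP connection (pipelining as described in RFC 7766) and reports how many
responses arrive and how the connection ends. The server half is a constructed
stand-in that mimics the behaviour described on this page (answer the first
query, ignore the rest, send FIN); it is not the appliance's implementation.
"""
import socket
import struct
import threading


def build_query(qname: str, qid: int, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (RFC 1035 section 4.1): one IN question, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # QDCOUNT=1
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def frame(message: bytes) -> bytes:
    """Prefix a DNS message with the two-octet length used on TCP (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(message)) + message


def read_exact(sock: socket.socket, n: int):
    """Read exactly n bytes, or return None if the peer closes (FIN) first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def read_messages(sock: socket.socket):
    """Read framed DNS messages until the connection ends; return (messages, how_it_ended)."""
    messages = []
    try:
        while True:
            hdr = read_exact(sock, 2)
            if hdr is None:
                return messages, "fin"
            body = read_exact(sock, struct.unpack("!H", hdr)[0])
            if body is None:
                return messages, "fin"
            messages.append(body)
    except ConnectionResetError:
        return messages, "rst"
    except socket.timeout:
        return messages, "timeout"  # server kept the connection open without answering


def one_query_server(listener: socket.socket) -> None:
    """Constructed stand-in: answer the first query only, then close the connection."""
    conn, _ = listener.accept()
    with conn:
        query = read_exact(conn, struct.unpack("!H", read_exact(conn, 2))[0])
        qid = struct.unpack("!H", query[:2])[0]
        # QR=1, RD=1, RA=1, RCODE=0, no answer records; question section echoed back.
        response = struct.pack("!HH", qid, 0x8180) + query[4:]
        conn.sendall(frame(response))
        # Discard any further pipelined queries so the close is a clean FIN, not a RST.
        conn.settimeout(0.2)
        try:
            while conn.recv(4096):
                pass
        except socket.timeout:
            pass


def probe_pipelining(host: str, port: int, qnames, timeout: float = 2.0) -> dict:
    """Pipeline one query per name on a single connection and report what came back."""
    queries = [build_query(name, qid=i + 1) for i, name in enumerate(qnames)]
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"".join(frame(q) for q in queries))  # all at once, no waiting
        responses, ended = read_messages(sock)
    answered = [struct.unpack("!H", r[:2])[0] for r in responses]
    return {"sent": len(queries), "answered_ids": answered, "ended_by": ended}


def run_local_demo(qnames=("example.com.", "example.net.", "example.org.")) -> dict:
    """Run the probe against the stand-in server on an ephemeral loopback port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=one_query_server, args=(listener,), daemon=True)
    worker.start()
    try:
        return probe_pipelining("127.0.0.1", listener.getsockname()[1], qnames)
    finally:
        worker.join()
        listener.close()


if __name__ == "__main__":
    print(run_local_demo())  # {'sent': 3, 'answered_ids': [1], 'ended_by': 'fin'}
```

To check a real DNS virtual service, call probe_pipelining with its address and port 53 instead of the loopback stand-in. A server that behaves as this page describes answers only ID 1 and ends the connection with "fin"; a resolver that implements RFC 7766 pipelining returns every ID, and the probe then ends with "timeout" if the server keeps the idle connection open. An "rst" result means the server closed with unread data still queued, which is a different failure from the FIN described above and worth noting in a report.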

Note:
  • If the query was passed through to an upstream DNS server, the TCP connection between the client and NSX Advanced Load Balancer instead follows the regular connection close process; NSX Advanced Load Balancer does not send a FIN on its own after the response.

  • NSX Advanced Load Balancer can also close the TCP connection proactively after the response in the DNS pass-through case; this is controlled by the close_tcp_connection_post_response knob.

    For more information on enabling the close_tcp_connection_post_response knob, see Closing TCP Connection Post Response Proactively for DNS Pass-through.

Apart from the lack of query pipelining, DNS queries over TCP receive the same treatment as DNS queries over UDP as far as DNS behavior is concerned. Note that DNS over TCP is not subject to the 512-byte message size limit that applies to DNS over UDP without EDNS(0): on TCP, each message is prefixed with a two-octet length field (RFC 1035 section 4.2.2), so messages of up to 65535 bytes can be carried. This is why a client that receives a truncated (TC) UDP response retries the query over TCP.